Siemens SCALANCE and RUGGEDCOM

CVSS 4.3 | ICS-CERT ICSA-25-162-03 | Jun 10, 2025
Vendor: Siemens | Sector: Manufacturing
Attack path
  • Attack Vector: Network
  • Auth Required: Low
  • Complexity: Low
  • User Interaction: None needed
Summary

Several Industrial Communication Devices based on SINEC OS before V3.1 contain an incorrect authorization check vulnerability. An attacker with guest-level credentials could bypass role-based access control to perform actions that exceed the permissions of the guest role. Affected devices include RUGGEDCOM RST2428P and multiple SCALANCE switch series (XC, XCH, XCM, XR, XRH, XRM). The vulnerability does not require elevated privileges to trigger but could allow unauthorized configuration changes or disruption of network services. Siemens has released firmware version 3.1 for all affected products.

What this means
What could happen
An authenticated attacker with guest-level access could bypass authorization checks to perform actions beyond their assigned permissions on industrial switches and routers, potentially altering network configurations or disrupting communications between field devices and control systems.
Who's at risk
Manufacturing plants and utilities using Siemens SCALANCE managed switches and RUGGEDCOM industrial routers for network infrastructure. These devices are typically deployed to connect industrial devices such as PLCs, RTUs, and sensors across facility networks and remote sites. The vulnerability affects the authorization checks that govern administrative access to these switches and routers.
How it could be exploited
An attacker with network access to the device management interface and guest-level credentials could send specially crafted requests to the device that bypass role-based access control, allowing them to perform administrative actions intended only for higher-privileged accounts.
Prerequisites
  • Network access to the device management interface (Ethernet port)
  • Valid guest-level user credentials or ability to authenticate as guest user
  • Device running firmware version below 3.1
  • Remotely exploitable
  • Low complexity attack
  • Requires valid authentication
  • Affects network infrastructure spanning multiple industrial sites
Exploitability
Unlikely to be exploited — EPSS score 0.6%
Affected products (29)
29 with fix
Product                              | Affected Versions | Fix Status
RUGGEDCOM RST2428P (6GK6242-6PA00)   | < V3.1            | 3.1
SCALANCE XC316-8                     | < V3.1            | 3.1
SCALANCE XC324-4                     | < V3.1            | 3.1
SCALANCE XC324-4 EEC                 | < V3.1            | 3.1
SCALANCE XC332                       | < V3.1            | 3.1
Remediation & Mitigation
Do now
  • WORKAROUND: Restrict network access to device management interfaces to authorized administration networks only, using firewall rules or access control lists
  • WORKAROUND: Disable guest-level user accounts if they are not required for operational purposes
Schedule — requires maintenance window

Patching may require a device reboot — plan for process interruption

  • HOTFIX: Update all affected SCALANCE and RUGGEDCOM devices to firmware version 3.1 or later
Long-term hardening
  • HARDENING: Segment industrial network devices behind a firewall, isolating them from business networks and preventing direct internet access
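As an added example (not part of the OTPulse advisory or any Siemens tooling), a fleet check that flags inventory entries whose model appears in the affected-product table above and whose firmware is below the V3.1 fix. Only the five products shown on this page are listed; the sample inventory's hostnames and firmware strings are constructed.

```python
import re
from typing import NamedTuple

FIXED_VERSION = (3, 1)  # advisory fix: firmware V3.1

# Products shown in the page's table (affected "< V3.1"); the advisory lists 29,
# so extend this set from the full table for a real fleet check.
AFFECTED_PRODUCTS = {
    "RUGGEDCOM RST2428P", "SCALANCE XC316-8", "SCALANCE XC324-4",
    "SCALANCE XC324-4 EEC", "SCALANCE XC332",
}

class Device(NamedTuple):
    hostname: str
    product: str
    firmware: str

def parse_version(text):
    """Turn 'V3.0.2', '3.1' or 'v2.4' into a comparable tuple; None if unparsable."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable(dev):
    """True when the model is in the advisory table and its firmware is below V3.1."""
    if dev.product not in AFFECTED_PRODUCTS:
        return False
    ver = parse_version(dev.firmware)
    if ver is None:
        return True  # affected model with unreadable version: treat as exposed
    return ver < FIXED_VERSION  # tuple compare: (3,0,2) < (3,1); (3,1) and (3,10) are not

def exposed_devices(inventory):
    """Hostnames still needing the V3.1 hotfix, in inventory order."""
    return [d.hostname for d in inventory if is_vulnerable(d)]

# Constructed sample inventory: hostnames and firmware strings are hypothetical.
SAMPLE_INVENTORY = [
    Device("sw-cell1", "SCALANCE XC324-4", "V3.0.2"),
    Device("sw-cell2", "SCALANCE XC316-8", "V3.1"),
    Device("rtr-remote", "RUGGEDCOM RST2428P", "V2.4"),
    Device("sw-lab", "SCALANCE XC332", "unknown"),
    Device("sw-office", "SCALANCE X200", "V4.0"),  # not in the advisory table
]

if __name__ == "__main__":
    for host in exposed_devices(SAMPLE_INVENTORY):
        print("needs V3.1 hotfix:", host)
```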


Siemens SCALANCE and RUGGEDCOM | CVSS 4.3 - OTPulse